I have this project running in Angular 8 and does call api's with preflight and the actual API. And we have a problem on it's web security due to the preflight OPTIONS doesnt have the header Strict-Transport-Security: max-age=31536000; includeSubDomains while the actual GET api has one.
Do you have any idea if how and where to add the Strict-Transport-Security: max-age=31536000; includeSubDomains under preflight and the actual request so that two requests will have the same headers?
This is the way for to set HttpHeader into a request.
import {Injectable} from '@angular/core';
import {Http, Headers} from '@angular/http';
@Injectable()
export class HttpClient {
constructor(private http: Http) {}
get(url) {
let headers = new Headers();
headers.append('Transport-Security', 'max-age=31536000;includeSubDomains')
return this.http.get(url, {
headers: headers
});
}
}